Microsoft faces French fines over Windows 10 data collection

This site may earn affiliate commissions from the links on this page. Terms of use.

France’s National Data Protection Commission has formally warned Microsoft that its data collection practices in Windows 10 are in violation of French law. The group has already served Microsoft with a notification of its findings, but waited three weeks before making the determination public.

The complaint lists several Windows practices that the French investigation found to be inadequate. When Windows 10 is installed, an advertising ID is created by default and activated across all user accounts. There’s no information given on how the data used to create a Microsoft account is used or protected. It also dinged the company for collecting telemetry by default, and for the four-digit PIN Microsoft uses to provide additional security. Once entered, the PIN continues to authenticate to Microsoft services, even if the browser is closed and reopened. Repeatedly entering an incorrect PIN does not trigger a PIN reset; the team was able to enter an incorrect PIN 20 times in a row and still authenticate the original digits.

Windows 10 telemetry settings

Microsoft’s telemetry practices have come under fire in the United States, since it’s impossible to turn the feature off unless you have the Enterprise, Education, Mobile Enterprise, IoT Standard, or Server 2016 Technical Preview version of the OS. These versions provide a fourth telemetry-gathering option, “Security,” which relays “only the telemetry info that is required to keep Windows devices, Windows Server, and guests secure with the latest security updates.” The existence of this fourth level, according to the French, “confirms that most of the data included in the basic level are not essential for the system to operate, so collecting such data is excessive with respect to this purpose.”

Because this telemetry gathering is excessive by definition, Microsoft is in breach of the Data Protection Act. It also fails to inform users of exactly which data Microsoft stores and collects or how that information is used. Microsoft’s unique advertising ID is active by default and is therefore in breach of the Data Protection Act as well.

While Microsoft’s practices and data gathering have been criticized by multiple sources over the past year, this is more of an administrative finding than a judicial complaint. This report gives Microsoft three months to solve the problem before it faces the prospects of fines, but the fines only amount to $1.66 million USD. That’s basically equivalent to the loose change in Satya Nadella’s couch.

Microsoft has already commented on the situation via a statement to VentureBeat. The company has promised to work with the French watchdog to resolve these issues and affirmed that it is fully committed to resolving the organization’s problems in a way that respects EU law.

Tagged In

And yet some of the IT (ms fanboys) will claim that windows 10 doesn’t collect data.
If proven false, they will make up an argument stating (Well apple and google collect just as much data).
But what they don’t realize is that I can easily stop using google or apple, and they don’t have as much control of my devices as M$.

Decimal

And yet some of the IT people in the know would kindly point out that not using Google is actually much more difficult than not using Microsoft’s products. You could, for example, use a Linux OS (to avoid MS) quite easily. But then the vast, vast majority of websites use Google’s advertising analytics. To avoid Google you’ll pretty much have to get off the grid entirely.

BrokenBC

Not true you just block google analytics with an app like ghostery or privacy badger

Cestarian

Also duckduckgo ain’t bad.

clarice.curtis

I usually make roughly $6k-$8k /month with my internet task. So if you are prepared to work basic freelance task for some h each day at your home and gain decent income in the same time… Test this workhttp://fave.co/1Pj8UFH

dgdsfg

Cestarian

Yeah well you’re a whore, I’m not.

roborat

Who said MS doesn’t collect data? I think they have been very clear that telemetry is turned on and have been transparent on what they collect.

Even CNIL doesn’t consider telemetry an issue and was very specific about what they considered as excessive.

Daniel Revas

France disagrees.

roborat

CNIL is the French watchdog and I recommend you read their report before you chime in. There is nothing in the report that asks MS to stop the telemetry.

albert89

So does that mean we can’t ask M$ to switch off the telemetry or judge that it is too intrusive ?
You’ve been sucking on the dummy for too long to notice something aint right !

roborat

Ain’t right? Is it wrong that Amazon gives you recommendations based on your browsing history? Is it wrong that iTunes recommends music based on your purchase history? Is predictive search wrong by logging your keystrokes. Is Siri and Cortana wrong to use your personal info as context? Are cookies wrong? Is it wrong for MS to collect crash information?

Things aren’t as black and white as you think. You think Facebook and uber can work without people sharing personal information? Times have change and even privacy lawyers and legislators knows this.

Solaris

There must be a deal. You give off some personal info for some kind of service. If you don’t want to give out those informations you should be able to stop it. And that’s exactly what Google is doing. But what Microsoft is doing is putting a ransomware on your own system refusing any opt out. Did you even read Cortana’s notice? They collect EVERYTHING, even speech when you’re not even using mic! It’s plain wrong, and telling how it’s ok, since Google or the likes does it too is not going to cut it. Two wroingdoings don’ make one right.

roborat

“ransomware”? LOL.

albert89

Yes, yes, yes, yes and yes ? You say ‘Times have changed’. And I say times have changed for the worse. So grow up, spit that dummy and accept that things can change for the better by fighting for what you want rather than accept how it is in 2016.

roborat

“for the worse”?
I can use my smartphone to tell me where exactly I am in any city in the world, get real time traffic during and before I set off driving, know where my friends are before we meet, know the weather, the next train, get personalised ads and recommendations instead of random irrelevant stuff, I don’t need to re-type name and password to purchase something, can adjust the temperature before I get home, does not need to pay exorbitant amount to video call someone across the globe, etc.
Oh, please do tell me exactly what has gotten worse? Or are you just one of those who like to complain regardless?

albert89

Your so stupid, I can’t believe it. So you need a phone to tell you were you are ?? You get personalised ads ???? I’ve heard of people complaining to me why they don’t get personalised ads like you ! Frankly everyone hates ads. That’s why they use ad block software !!! To adjust home temperature I open a window or door (lol). You sound confused when it comes to privacy. Win10 opens the door to being more intrusive without your permission as was reported in this article. This has nothing to do with navigation or traffic flow, idiot.

roborat

Lot’s of talk but where’s your example of “times have changed for the worse”?

“Personalised ad” – you sound confused by suggesting Ad blocker. It’s the “people who bought X also both Y” from Amazon. It’s the music recommendations from iTunes. The same for Netflix and Amazon and YouTube. Nobody hates these. It’s part of what makes the service a better experience.

“Win10 opens the door to being more intrusive without your permission as was reported in this article.”
LOL. It doesn’t and it wasn’t what CNIL reported. You accept the EULA therefor you give your permission. CNIL talks about “excessive” data collection. They didn’t say data collection was wrong. I suggest you do some homework.

Ascaris

We were a lot better off before smartphones. I doubt I will ever have one. There are cheaper ways to prop up my table with one short leg. And I want it to ask my password (and encryption key) every time; the other alternative is that it stores it locally, making it available to attackers (unless you mean a master password to unlock the individual site password storage, in which case I agree).

I get along just fine without all of that stuff, just as people have for generations. Even seeing it all described, it still doesn’t appeal to me. I don’t want to know where my friends are before we meet, and I would not disclose my location to anyone either. I don’t care about train schedules, and the traffic is what it is; I deal with it as it comes. I never change my thermostat setting, and I don’t care about video calls, as I have never wanted to have one.

Smartphone users often don’t experience the things going on around them. They see it on a tiny screen, even if they are there in person. Why even go anywhere or see anything? If you’re going to watch it on a tiny screen as you record it, you might as well let someone else go record it and watch it later on Youtube. Like a picture of a group of people who went to see the Pope… every one of them was watching on an upraised smart phone, the pathetic sheep they were, except for one old lady, who was grinning ear to ear. She was the only one watching the actual thing, not a pixellated image of the real thing that’s right there to be seen.

People like something on Facebook, and they expect an immediate response from all their friends. They send a text, or whatever other kind of social media thing they do now instead of SMS, and they expect an instant response. Post pictures on Instagram, expect instant response. That’s what leads to the stories about how the phone is the first thing most people look at in the morning and the last thing at night, and how they can’t wind down and stop thinking about all of that tripe and relax in bed.

I realize, of course, that a phone is just an inert device until someone uses it, and that no one forces people to behave that way. That said, though, this particular subculture could not have existed without the smartphone, and it grew organically (as they say) around the smartphone. And if you have one, you’re expected to participate; they insist on you having their Facebook and Instagram whatevers, and they insist you friend them and that you behave just like everyone else.

I’d have no problem telling them no, no, and no, but not everyone is that way, especially the young, vulnerable-to-peer-pressure set. I’m glad to have grown up before smartphones existed; I wish I had lived out my entire life that way.

roborat

We’re not a lot better off without smartphones. Your single opinion is irrelevant against the Billion people who buy and use them on a daily basis. You cannot use your personal preference as an argument against a thriving global demand for the device and the services it provides. It is only right that MS makes a product that can provide the user experience that is expected by todays’ generation.

Ascaris

No one expects a phone experience on a desktop PC. Windows Mobile is regarded by most as dead in the water, so Windows doesn’t need to be half-mobile, half-desktop silliness. Even if Windows Mobile was successful, it still isn’t necessary to gimp the desktop product with the same compromises needed to make phones semi-usable.

roborat

Your argument failed to take into account tablets, 2in1s and laptops, therefore is wrong.

Ascaris

I’m not using one of those, therefore my argument is right.

roborat

Oh so just because YOU don’t use gadgets means MS should stop innovating?
Not only is your argument wrong, it’s now even starting to make no sense.

Ascaris

They can “innovate” all they want, if that’s what you want to call it (an OS that sucks equally across multiple platforms, hooray!). Just don’t stick a completely inappropriate phone UI on a desktop PC and tell me it’s good because some other person might have in all-in-one.

What they do with other devices is of no concern to me. That’s between them and the users of those devices. As far as the desktop is concerned, what they’ve come up with is worse than an older product; I get many of the negatives of running a mobile device without actually having a mobile device!

When I am using a desktop, I expect nothing less than an experience tailored and completely suited to the desktop, without compromise. Windows 7 is like that. Linux Mint Cinnamon is like that. I hear OSX/MacOS is like that. Windows XP was like that. Every Windows back to 3.0 was like that!

If this is “innovation,” they can keep it.

roborat

You obviously haven’t used W10 on a PC because you’re complaining doesn’t make any sense.
I use W10 on a desktop using a mouse and a keyboard and I can’t relate to your “Windows 8ish” complaints. W10 is not W8.
Quad tiling, multiple virtual desktops, less mouse clicks to settings, better notification are only a few that makes W10 desktop a much better experience that any OS on the planet.

Ascaris

I have used Windows 10– why do you think I hate it so much? I had it on one of my PCs for most of the last year, and it was on all of my PCs except my backup server for a time.

To really get to loathe Windows 10, you have to use it. Like Eugene Levy’s car salesman character in National Lampoon’s Vacation said, “You think you hate it now… but wait ’till you drive it.”

Windows 10 isn’t better than 7, it’s not better than Cinnamon or KDE on Linux, and it’s not better than XP. I’ve never used a Mac, but I am willing to bet it’s not better than OSX/MacOS either.

Ascaris

Yes, yes if on by default or it can’t be turned off, yes if on by default or it can’t be turned off, yes if on by default or it can’t be turned off, usually yes for tracking cookies, and yes, if it does it with permission by default or can’t be turned off.

Facebook and Uber can do whatever they want; they could cease to exist and I wouldn’t notice.

Two wrongs don’t make a right for that matter. PR wise Microsoft would have scored more users doing a thing of making Win 10 the true integrity safe OS instead. Now its a local google on your PC wich is not what people want. Would have worked a decade ago and no one would have cared but today when everyone is way more aware of how they are tracked, wrong point in time to launch that stuff in a new OS.

jqpabc123

they will make up an argument stating

There is no need to “make up” an argument when it is true.

Your smart phone is effectively a personal Lo-Jack device.

Cestarian

“…affirmed that it is fully committed to resolving the organization’s problems in a way that respects EU law.”

this law is so vague since almost everything has data collection. These days it’s tough to avoid it even on linux.

Ascaris

Tough to avoid? All you have to do is not install an old version of Ubuntu (Unity).

RKflorida

The “but Google/Apple/Yahoo does it argument” is typical of anyone who can’t defend their position. The fact that Google collects data makes it OK for MS to do it? NO! It is absolutely wrong for MS to do it and what makes it worse is that we are talking about the OS, not a site or application. MS collects data, refuses to listen to it’s user base, defies everyone in refusing to provide a sure method to turn all telemetry off, and lies about how necessary it is for their product improvement. That alone kills any chance I’ll ever use Win10. Microsoft’s arrogance is indefensible and destructive to the company. I don’t know what their final goal is but I have to extrapolate the current behavior to calculate their future actions, since I don’t want to be painted into a corner. I see subscription for Windows, and the lack of privacy and intrusion into my machines escalating.
As far as Windows 10 for free? Remember whenever something is offered for “free” YOU are the product. Always.

Daniel Revas

Expect Microsoft to allow ALL versions of windows 10 used in the EU to be able to alter how Windows 10 collects data within the year.

New Member 101

Based on this article I would disagree. Microsoft has 3 months or they will be fined $1.6 million. I’m not sure how French laws work. If MS doesn’t meet the deadline will the French give MS 3 more months or another $1.6M fine? Unless the fine is substantially increased I doubt Microsoft will give a damn about paying a fine.

Businesses purposely break laws and rules because they know they still make a net profit from doing their illegal activities once the fines are paid off. Any hit a fine makes to a company’s bottom line the company will just increase the cost of their services which ultimately falls back to customers footing the bill.

It’s a lose-lose situation for everyone except MS.

Daniel Revas

The EU is likely to weigh in, and the fines that they have levied in the past against Google and Microsoft make me believe this will get worse for Microsoft if they don’t comply. I would wait and see.

Lorfa

I must be hungry, because the read the title as “Microsoft faces french fries over windows 10 data collection”. I’m like hmm, that doesn’t sound so bad, they’ll probably be ok with that.

Darryl Mylrea

We need transparency. MS wants data? Give us clear options so we can make clear choices. What I hate is the sneaky crap MS is pulling by making the ‘X” button to close a window actually mean “accept”, or when installing Win10, you clear all the options for telemetry and security during the first login, but as soon as you install a cumulative update, the options are reset without an easy, all-in-one place to put them back how you want them. Very untrusting.

0sx

Microsoft does not face fines at this point.
Only if it doesn’t comply with the requirements, which it is also welcome to contest, would the CNIL move to ask for a fine.
On the other hand, should Microsoft blatantly refuse to comply, it would face much more than French fines, as the data protection agencies of other European countries would most certainly seek redress too.

JustMeToo

1.66 million? Mr. Nadella likely has pocket lint worth more than that. Unless the EU comes back and drops the hammer, I dont see Microsoft caring one way or the other.

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.

Email

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our
Terms of Use and
Privacy Policy. You may unsubscribe from the newsletter at any time.